People tell AI companion apps things they don’t tell anyone else — relationship problems, mental health struggles, sexual conversations, financial anxieties, confessions they’ve never said out loud. That’s the entire design intent: a companion that listens without judgment, available at any hour, that remembers what you told it last week. It’s also why the privacy stakes around these apps are categorically different from almost any other category of software people use casually.
A 2024 Mozilla Foundation investigation found that roughly four out of five AI companion apps collect user data and share it with third parties, often for advertising. In May 2025, Italy’s data protection authority fined Luka, the company behind Replika, €5 million for GDPR violations. And starting January 2026, California’s SB 243 requires AI companion apps to disclose their data practices and gives users the right to sue for at least $1,000 per violation — a sign that regulators increasingly see this category as needing rules other apps don’t.
None of this means AI companion apps are uniquely malicious. It means the category collects a kind of data — sustained, intimate, emotionally revealing — that most privacy frameworks weren’t built with in mind, and the gap between what people assume and what actually happens is wide.
Why This Data Is Different
Ordinary app data — your name, your location history, your shopping habits — is sensitive, but it’s a snapshot. A companion app conversation is closer to a running transcript of your inner life: what you’re anxious about, who you’re in conflict with, what you wish you could say to someone, how you’re really doing on days you tell everyone else you’re fine.
Security researchers covering this space describe the breach risk in correspondingly stark terms: compromised material from companion app breaches can include sexual conversations, confessions, records of emotional dependency, and other intimate content tied to real, identifiable user accounts. A breach of an e-commerce database exposes purchase history. A breach of a companion app’s chat logs exposes the kind of material that’s specifically useful for blackmail, harassment, or reputational harm — and unlike a leaked password, you can’t rotate a confession.
This asymmetry — the data is uniquely revealing, but the security and business incentives around it aren’t uniquely strong — is the core problem regulators have started responding to.
What’s Actually Happening With the Data
Many companion apps are built on an engagement-and-advertising business model, the same as most consumer apps. That model creates an incentive to retain data, build profiles, and in many cases share information with third parties for targeted advertising — the Mozilla Foundation’s finding that most companion apps do this doesn’t describe an outlier; third-party sharing is closer to the norm for free, ad-supported companion products.
Conversations are frequently used to train and improve the underlying AI models. Unless an app explicitly states otherwise, assume your conversation history isn’t just stored — it’s being used as training material, which means fragments of what you said could theoretically influence how the model responds to other users, even if your specific words aren’t reproduced verbatim.
Security investment hasn’t consistently matched the sensitivity of what’s being stored. Coverage of companion app security in 2026 has repeatedly noted that breaches expose this category of data specifically because many of these apps — often built quickly by smaller teams chasing a fast-growing market — haven’t invested in security proportional to how damaging a breach of this particular content would be.
The New Legal Response
California’s SB 243, effective January 2026, is the clearest regulatory signal that lawmakers see AI companion apps as their own category, not just “another chat app.” It requires these apps to disclose their data practices clearly and creates a private right of action — meaning an individual user, not just a regulator, can sue for violations, with statutory damages starting at $1,000 per violation.
That’s a meaningfully different enforcement posture than most consumer privacy law, which usually routes complaints through a regulator with limited capacity to pursue every case. A private right of action puts the power to act directly in the hands of the person whose data was mishandled.
The Italian fine against Replika’s parent company in 2025 points the same direction from the regulatory side: European authorities are willing to treat companion app data practices as GDPR violations worth significant penalties, not a gray area.
Expect more of this, not less, as the category keeps growing and more incidents surface.
What to Actually Check Before You Confide in One
Does the privacy policy say your conversations train the model? Look for explicit language, not just “we may use data to improve our services” — that phrase is often doing a lot of unstated work.
Is there a clear answer on third-party data sharing? If the answer is buried, vague, or absent, treat that as the answer: assume sharing happens until you find a clear statement that it doesn’t.
What’s the deletion process, and is it actually permanent? Many apps let you delete your account without clearly stating whether your conversation history is purged from backups, training datasets, or analytics systems — versus just hidden from your own view.
Does the app’s business model depend on engagement, ads, or data monetization? A companion app that’s free and ad-supported has a structural incentive to keep you talking and to monetize what you say. A model built on a direct subscription, with no ads and no third-party data sharing, has a fundamentally different incentive structure — worth checking for, the same way you’d check a free vs. paid storage service.
Why People Use Them Anyway, and Why That’s Not the Problem
It’s worth saying plainly: there’s nothing wrong with wanting a companion that’s available at 2 a.m., that doesn’t get tired of hearing about the same problem twice, that won’t judge you for what you say. Loneliness is real, mental health support is expensive and hard to access, and an AI companion filling some part of that gap isn’t inherently a bad choice. The problem this piece is describing isn’t that people use these apps — it’s that the privacy and security practices behind many of them haven’t caught up to how much trust people are reasonably placing in them.
That gap is exactly why regulation has started catching up where the market hasn’t. SB 243 didn’t appear because companion apps are uniquely bad pieces of software — it appeared because lawmakers recognized that an entire category of products had grown rapidly around collecting unusually intimate disclosures, with privacy practices that, in aggregate, lagged behind what that category of data deserves. The fix isn’t avoiding the category. It’s holding it to a standard that matches what it actually collects.
A Few Questions Worth Asking Before Your Next Conversation
Beyond checking the privacy policy itself, a few situational questions are worth running through before treating any companion app as a safe place to disclose something significant:
Would I be comfortable if this conversation appeared in a future breach disclosure, tied to my name? If the honest answer is no, that’s useful information about what belongs in the conversation and what doesn’t — independent of how trustworthy the specific app seems today.
Is this app’s core business model dependent on me staying engaged, or on me paying directly? Engagement-funded products have a structural reason to encourage longer, more frequent, more emotionally involved conversations, which isn’t necessarily bad, but is worth knowing about as a design incentive shaping the product you’re using.
Has this company had a public breach or regulatory enforcement action, and how did they respond? A company’s response to its first incident — transparency, speed of disclosure, concrete changes — tends to predict how seriously it takes the next one. A pattern of vague statements and slow disclosure is itself useful information.
The Part Worth Separating Out
Companion apps are designed for ongoing conversation, and that’s a reasonable thing to want. The privacy risk isn’t the conversation itself — it’s when people start using a companion app as a place to also store things that don’t need to live inside a chat history at all: photos shared in the moment, voice memos, documents, journal-style entries describing things they want to remember later.
Those things don’t need to sit inside a product whose core business is engagement and whose data, as the research above shows, is inconsistently protected and frequently monetized. A photo, a voice note, or a written memory you actually want to keep belongs in storage built specifically to hold it — not in the message history of an app optimized to keep you talking.
daftei is built for exactly that separation: a private place for the files, voice notes, and memories you want to keep, with AES-256 encryption at rest, TLS 1.3 in transit, no ads, no data sale, and no third-party AI training on anything you store. It’s not a companion, and it isn’t trying to be one — it’s the place the things you’d otherwise type into a chat window can actually live safely.